/**
 * 
 */
package servlet;

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import run.UserInfo;
import database.SetConn;

import eb.User;

/**
 * @author ys
 * 
 */
public class ChangePasswdServlet extends HttpServlet {
	private static final String CONTENT_TYPE = "text/html;charset=GBK";

	/**
	 * 
	 */
	public ChangePasswdServlet() {
		// TODO Auto-generated constructor stub
	}

	@Override
	protected void doPost(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		response.setContentType(CONTENT_TYPE);
		request.setCharacterEncoding("GBK");
		PrintWriter out = response.getWriter();
		HttpSession session = request.getSession();
		User currentUser = (User) session.getAttribute("UserInfo");

		if (currentUser == null) {
			out.println("you are not login now"
					+ "<a href=\"javascript:history.back()\">"
					+ "please login. </a>.");
			return;
		} else {
			System.out.println("editpassword");
			String oldPasswd = request.getParameter("OldPassword");
			String newPasswd = request.getParameter("NewPassword");
			String verifyPasswd = request.getParameter("VerifyNewPassword");
			System.out.println("oldPassword:" + oldPasswd);
			System.out.println("newPasswd:" + newPasswd);
			System.out.println("verifyPasswd:" + verifyPasswd);

			SetConn testconn = new SetConn();
			Connection conn = testconn.setupConn();
			String userName = currentUser.GetUserName();
			String sql = "select * from member where UserName='"
					+ userName + "'";
			ResultSet rs;
			try {
				PreparedStatement queryPs = conn.prepareStatement(sql);
				rs = queryPs.executeQuery();
				String passwd = "";
				if (rs.next()) {
					passwd = rs.getString(3);
				}
				System.out.println("passwd from database:"+passwd);
				if (!passwd.equals(oldPasswd)) {
					out.println("Wrong old password"
							+ "<a href=\"change_password.jsp\">"
							+ "<br>please input again. </a>.");
				} else if (!newPasswd.equals(verifyPasswd)) {
					out
							.println("The new password is not the same as the verify password"
									+ "<a href=\"change_password.jsp\">"
									+ "<br>please input again. </a>.");
				} else {
					currentUser.SetPassWord(newPasswd);
					UserInfo userInfo = new UserInfo();
					userInfo.updatePasswd(currentUser);
					session.setAttribute("UserInfo", currentUser);
//					response.sendRedirect("index.jsp");
					response.sendRedirect("user_info.jsp");
				}
			} catch (SQLException e) {
				e.printStackTrace();
			}
		}
		out.flush();
		out.close();
		// super.doPost(request, response);
		return;
	}

}
